Posted
by
Soulskill
on Wednesday January 30, 2013 @03:41PM
from the leeching-is-bad-form dept.

pigrabbitbear writes "We are strangely territorial when it comes to our wireless networks. The idea of someone siphoning off our precious bandwidth without paying for it is, for most people, completely unacceptable. But the Open Wireless Movement wants to change all that. 'We are trying to create a movement where people are willing to share their network for the common good,' says Adi Kamdar, an activist with the Electronic Frontier Foundation. 'It's a neighborly thing to do.' That's right, upstanding citizen of the Internet, you can be a good neighbor just by opening your wireless network to strangers — or so the line goes. The ultimate vision is one of neighborhoods completely void of passwords, where any passerby can quickly jump on your network and use Google Maps to find directions or check their email or do whatever they want to do (or, whatever you decide they can do)."

Easy to fix. If you want to access someone's WiFi, you log into the proxy server on that network.

This token may be sent via email, SMS, or determined from the comptuer's MAC address. From there, the WiFi host is protected, but they can still track down the person trying to view the Little Lacy Surprise Pageant.

That's the standard approach used by businesses now - it's too complicated for a business like a restaurant to set up themselves, but they can easily enough enter into some form of agreement with a hotspot operator to provide the service. It's not practical for the home user though, without a company to run the authentication who can maintain the authentication/logging system and contract with a mobile network operator to send SMS messages.

Actually, if a large number of people did this, the number of Tor exists would be far larger than it is now. Since most public access points would be unused most of the time, the throughput would theoretically be quite good. This does of course neglect to take the probable douchbag factor into account.

Easy to fix. If you want to access someone's WiFi, you log into the proxy server on that network.

What is the practical difference between "closed wifi" and "open wifi with a mandatory log-in"? In both cases you must obtain a credential (and thus implied permission) to use the network. You've just moved the access limit from the radio to the wire side.

In general, though, the reason this movement will fail is the same reason why people want it to work. Selfishness. The same person that says "I would like to have wifi without paying for it when I am somewhere not home" has already said "I don't want to pay for my own 3g/data plan so I can have network access when I am not home". That same attitude would result in "why should I pay for network at home if I can get it free from my neighbor".

In the final result, everyone who wants free wifi wherever they go will be the ones who are least likely to provide free wifi to others, and that means the entire system is a self-fulfilling failure.

If you notice, most of the free wifi you find is not from altruistic people, it is from businesses that want to lure you into their establishment so you'll be likely to buy things from them. Profit motive. The altruist who opens his home network to free wifi for others has no profit motive, and while it is wonderful he exists, there is no incentive other than personal pleasure for him to do it. He can't depend on it being repaid, and he can't depend on it not being abused.

There are hybrid approaches. A good hacked router can serve up multiple SSID networks. You could have an internal protected WPA2 network, and then a segmented open network. You should even be able to direct traffic to some website (hosted on the router) with some disclaimers. I don't know if a simple website with an "accept" button would get you off the hook for random people's actions, but common sense says it would. I know, I know, the RIAA and MPAA don't employ people with common sense, but hopefull

"Defendant is capable of loading and firing a gun, convict them of manslaughter!"

Every one of your examples is missing the critical part. For example: "Defendant is capable of loading and firing a gun" OWNS A GUN, AND SOMEONE WAS SHOT WITH THAT GUN WHILE THE DEFENDANT WAS IN POSSESSION OF THAT GUN "convict them...".

Trying to claim that you set up protections to keep people from accessing CP AS A DEFENSE to your access point being used to access CP kind of requires that someone accessed CP using your access point and network. You don't need to try that defense if nobody accesses CP, o

In general, though, the reason this movement will fail is the same reason why people want it to work. Selfishness. The same person that says "I would like to have wifi without paying for it when I am somewhere not home" has already said "I don't want to pay for my own 3g/data plan so I can have network access when I am not home". That same attitude would result in "why should I pay for network at home if I can get it free from my neighbor".

1) There is a brain-dead simple way to ensure that my internal network is secure from anyone using it as an open access point,

2) a similarly brain-dead way to limit how much can be downloaded per open access client, and

3) legal assurance that I was in no way liable for anything downloaded from my open access point.

While the Open Wireless Movement (OWS - is that a conicidence?) could probably easily provide the first two, the third is a matter of legislation and thus is the real sticking point. I imagine there are many others like me that don't recoil at the very idea of someone "freeloading" and would be happy to provide a service to the community, but if I'm going to face any chance of liability for doing so, or if it's just a matter of being a PITA to set up, then it's not happening. If it were easy AND there were no potential legal consequences, I think you'd be surprised how many folks would *not* be that selfish.

Someone finds and an open WiFi, DL's some CP, you get the blame. One of the many reasons they can have my Cat 5e when they pry it from my cold dead fingers.

How ever, once open wifi is the norm, such prosecute the IP address holder techniques would not be possible. Cops would actually have to do some real work of finding the sources rather than going after the sinks.

Actually the average time an individual IP address is assigned to a device using DHCP is much longer that half the lease period. This is because when half the lease period is elapsed the device attempts to renew the lease for the same address. This succeeds the vast majority of the time >90%. In addition if a device disappears from the network and then reappears after lease expiration most DHCP servers will assign the same IP address if available.

Cops determine that someone has been downloading CP, and trace it back to your house. They launch an immediate investigation, with you as the obvious prime suspect. They're aware that they can't prosecute on IP alone, so they do their diligence, and after searching your seized devices, they exonerate you. Publicly, even.

You still lose your family and your job, and your life is basically over, because your name once appeared in a report investigating kiddy pr0n. You will be personally threatened, maybe even assaulted, by vigilantes who want to "protect" their children from "monsters" like you. There is literally no amount of public exoneration that will make the average Joe believe you're not a pervert.

Cops determine that someone has been downloading CP, and trace it back to your house. They launch an immediate investigation, with you as the obvious prime suspect. They're aware that they can't prosecute on IP alone, so they do their diligence, and after searching your seized devices, they exonerate you. Publicly, even.

You still lose your family and your job, and your life is basically over, because your name once appeared in a report investigating kiddy pr0n. You will be personally threatened, maybe even assaulted, by vigilantes who want to "protect" their children from "monsters" like you. There is literally no amount of public exoneration that will make the average Joe believe you're not a pervert.

So you're saying, "there are a lot of abusive asshats out there." That's true. Are you going to let that keep you from doing things?

There's no shame in saying "yes, my neighbors, employer, and family are ignorant bigots and fools and possibly dangerous". But recognize that's what you are saying.

Even if they clear you of the child porn charges and expunge the records, they will probably hang onto your computer, and ALL your backup devices (thats standard practice), until they are done investigating - could be a couple of years.

In scanning all your your hardware, they may find that you've illegally downloaded Beatles tunes. Maybe somewhere in your vast legal porn collection they find a picture that is actually child porn (its not like you can distinguish an 17 year old form an 18 year old with perfe

I think his point is that if a cop does that in 2013, a judge and/or jury will believe he got the right suspect, since most people don't have (or see) open wifi so it's a hard-to-believe defense (and yes, in real life, criminal justice is based on preponderance and likelihood of evidence, not proof). "The defendant says he has an open AP? Nobody I know does that. Sounds like bullshit."

If open wifis were the norm, then abusive cops might still be hauling people to court, but the "evidence" would be worthl

If that's the case, why isn't every Starbucks shut down for facilitating CP downloads? I think it's a fear that's blown far out of proportion. The most likely negative of sharing wifi is the person maxing out your bandwidth with Netflix downloads.

Well, technically you're not. Except for the part where you're guilty until proven innocent.

Right. So why even expose myself to any potential risk when I can just close the network and not worry about it. Sounds awesome on paper, and as long as I didn't have bandwidth caps as someone else mentioned and I was guaranteed to never be held liable for somebody torrenting from my IP address, I'd do it. Otherwise, no.

"Technically you're not?" Citation needed. You are almost certainly liable for any criminal activity that originates from your home. This is not "guilty until proven innocent." If your neighbor sues you for damage to his fence originating from your side, you are liable but not guilty. The lawsuit will establish guilt or innocence. Same with people committing fraud from your equipment. You will be liable, and will have to respond to any litigation that results. This aside from any contractual obligations you

You've really got two problems to deal with. The civil liability, and the criminal prosecutions. The first gets you in trouble for all the copyright infringement, the latter the downloading of child porn. That's a particular concern, because the usual social approach to child porn is 'Hang the perverted monster.' Even if you can prove beyond all doubt that it was someone else, a hard thing to do, you'll still find that your name is dirt, no company will hire even an accused pedophile, and your neighbours start smashing your windows in an effort to make you leave.

If I have a guest over and that person kicks a whole through the neighbor's fence I'm automatically liable simply because he was standing on my property when he did so? I don't think that's how it works. You might find yourself in some kind of trouble depending on the exact situation, but to try to boil it down to "You will be liable" is overly simplistic to the point of being a straw man.

Can you show me one business that's been successfully prosecuted for something a guest did on their free WiFi? I'm not aware of any. I am aware of countless situations where someone's open WiFi was used in a malicious way. What usually happens is the police bust down your door, confiscate all your computers and you maybe get them back 18 months later after spending a small fortune on legal fees. There is no citation needed here. I can't cite a law that doesn't exist. If you doubt me, I urge you to pro

Along with liability, I would be worried about bandwidth starvation and isolation of my internal network from those "passing by". These can all be done today, but if the router an easy menu to set that up easily, it would work.

I would imagine that if it became too popular, the Internet providers will start capping usage to something crazy low.

Along with liability, I would be worried about bandwidth starvation and isolation of my internal network from those "passing by". These can all be done today, but if the router an easy menu to set that up easily, it would work.

I would imagine that if it became too popular, the Internet providers will start capping usage to something crazy low.

Agreed. So long at the MPAA and RIAA goon squads are searching out "IP violators", I don't intend to get sued. Also, from a moral standpoint, there are some web sites to which I don't want to increase traffic (such as terrorists).

I've been running an open wifi for over a year with no problems so far. I have a dual ethernet linux box running iptables with a set of white listed ports allowed through. My wifi routers are mere access points all switched on a single subnet to the linux firewall. Over time I looked at generated traffic and opened up ports various devices use for legitimate services like 993, 587, 443 etc. I block all UDP ports except 123, 4500 and 500. Some services, like iCloud, like to abuse the network using UDP. streams. That along with all unauthorized port traffic gets dropped (using -j DROP) into the bit bucket -- the device deserves no response from the firewall. Bittorrent simply doesn't work in this environment out of the box (although I acknowledge it's possible a determined someone could rig something to make it work but people who know how to do that are rare and it's probably not worth their time because I'll probably eventually catch them). I also detect bad SSL sessions by monitoring the first pushed byte sent over whatever TCP ports I leave open. Tcpdump runs constantly and I have some perl scripts to analyze the traffic and create reports of usage. This allows me to see if some new legitimate service needs a port open or if devices are trying to abuse the network which gets them banned by perl script. Skype doesn't work either and I have found it to be a particularly obnoxious service making it look like Bittorrent. Anyone pounding on Skype to get it to work gets banned by IP address. And all port 80 goes through a Squid proxy. Granted a determined user could get around my bans for awhile but for the most part I have found the real obnoxious actors are bad services like Skype and iCloud. And for the most part people use port 80 for web and 443 for encrypted stuff.

So far things have worked out and I get around 250 unique visitors per month. The vast majority of users just get on, do some stuff like check mail or train schedules and get off. I have been doing this more or less as a "science project" to see how these modern devices communicate. Plus the neighbors get Internet access. I have found the bandwidth used per month is rather trivial. I just recently got a tablet with just wifi and so far have had no problems with anything not working through my iptables with white listed ports.

QoS gives packets different priority based on the type of data and net neutrality allows for that. What net neutrality doesn't allow for is differing priority based on the server; specifically, it doesn't allow you to treat packets from your servers preferentially and it doesn't allow you to blackmail other service providers for faster speeds. As for providing a guest with a slower connection than yourself, that is no different than an ISP giving different bandwidth speeds depending on your service level and has nothing to do with QoS or net neutrality.

That does not protect you from searches, equipment confiscations, privacy invading investigations and high legal costs for defending yourself. But yeah, after 2 sleepless years you will be acquitted. great.There was a time when "presumed innocent" used to mean something. Not anymore.

Not sure about home insurance, but I know here in Canada that isn't true of vehicle insurance. My father had his truck stolen with the keys in the ignition. The insurance company tried to convince him that he wasn't covered because of that, but after about 6 or 7 rounds of intimidation from the insurance company they finally relented and admitted that stealing is stealing and it didn't matter how it happened. Now if he wouldn't have been so stubborn they would have won and my dad would have been left wit

I am not necessarily going to hate on this, but doesn't the idea kind of undermine the subscriber model of service delivery? One reason we can achieve the individual speeds we do is because of over subscription of available bandwidth, it's not as though each residential customer is actually buying the bandwidth they receive, and so that is how the provider pays for infrastructure to provide the global access they do. Isn't the eventual endgame scenario of this to be in effect undermining itself?

The only way it would not be is if:

1. per subscriber rates were to increase2. some open source movement to supply trunk lines between point of presences... not sure how that will work out..

Yeah - there's a lot wrong with this, unless some things change. 1) Suddenly the ISP loses most of their customers who all start sharing a connection; they start charging by bandwidth because it becomes the only tenable solution. 2) Your bandwidth is only so high... with everybody using it, you get slammed with a fraction of what you're paying for while others are getting the rest. 3) Your neighbors or drive-bys do something bad and you get blamed.

Which is why WiFi has become such an issue. Providers who are charging a fair amount of money don't want people to be able to just get WiFi anywhere. They want people to have some incentive to pay for it.

Technologically this is a complex problem to solve,but can be done. First, the access points can have a guest access feature. Apple and others have done this. The guest access should be locked down by default and not expose other users, or the logged in users, data or information. This is hard to d

Fair usage based on your agreement with your provider likely prohibits this meaning you would be in breach of contract and subject to cancellation, at least here in the US, and rightfully so in my opinion. Secondly, sounds like something the child porn perverts would love to see happen to assist them in evading detection while they prey on our children. Sorry, I won't be participating in this. Ever.

If I decided to do this, I would need to operate my LAN like every node was bare on the internet. I've got fileservers with guest access (for, you know... houseguests), web services, my invoicing system, and a whole slew of other personal services. The thought of open wifi on the LAN kinda scares me from a security perspective.

Given that the majority of people out there aren't security conscious, there are all kinds of implications for keeping default router settings/passwords.

When I was staying in the Oakwoods in Burbank, CA for work (long-term housing, like... for months), I could see every machine on the LAN and all of the windows machines had read-only filesharing on, so I was able to loot up on all kinds of raunchy porn that people downloaded from limewire. One guy even had a bunch of tax documents in a shared folder. This included a PDF of the lease on his lexus, and some credit card statements. Another guy had 8GB of photos of his kids and family.

You don't sound like you were trying to be malicious, but didn't you consider not snooping on other peoples machines?
I still like the idea of having unlocked doors and not needing security systems on houses, etc. I expect other people to have a moral compass and not walk in and go through my stuff. I get your point, but I wish you would elevate your mentality to where you aren't violating peoples privacy and feeling justified because they didn't actively prevent you from doing it.

That's one of my main concerns as well. Plus the QOS issue.Ideally I would have a fancy router that could broadcast two SSIDs at the same time, one with a SSID of "free Internet: password is password", and the other something else. And then restrict (put into a demilitarized zone (DMZ)) the public network from all my private stuff. And, ideally I would have a click through agreement saying that I could do whatever I wanted, but that I probably wouldn't... And please don't use BitTorrent or other bandwidth h

Sounds like if any single of your devices (or your guest's devices) are compromised, your entire network is compromised. The problem already exists, opening up your network would only expose it further.

A good router can provide a guest SSID that is isolated from your home network, some of them even let you limit bandwidth and blacklist/whitelist sites. I am not sure exactly how strong the wall between the two is but the feature is pretty common these days.

Its plausible deniability to the a$$hats running our governments. I run an IT consulting business and have machines with all kinds of malware come through, and I also share my internet with all my neighbors. I don't do anything illegal, but all my drives are truecrypt encrypted and anyone who takes my drives would told briskly where to go. I don't care who did what and where. I don't care and refuse to be a policeman. Internet is internet and only the person who sent the bad stuff should be responsible. Me

I'd imagine that most ISP's specifically prohibit you from redistrubuting the connection. I know AT&T does:http://www.att.com/shop/internet/att-internet-terms-of-service.html#fbid=ngagtE5P5nhSection 10a - "a. No Resale. The Service is provided for your use only (unless otherwise specifically stated) and you agree not to, whether for a fee or without charge, reproduce, duplicate, copy, sell, transfer, trade, resell, re-provision, redistribute, or rent the Service, your membership in the Service, any port

I'm rather surprised that only one A.C. mentions TOS. I was about to, but I was scanning the comments looking to see if anyone else had. In all of the comments you're the only one. Most of the comments were concerned about the MafiAA, kiddie pr0n, and loss of bandwidth.

But TOS is a civil matter. Share your connection and they're entitled to cut you off.

Keep in mind that (with a decent router) you can open your Wi-Fi but route all guest connections through TOR transparently. That might be a fair compromise, along with rate-limiting, capping per-session usage, and setting a hard limit for the month if necessary to prevent yourself from going over your own cap on service.

Open Wi-Fi everywhere actually makes me more nervous for the clients than for the servers. People already don't understand security with Wi-Fi, and need to know that any server they're using can observe their traffic if it isn't encrypted. I guess that's already a concern without open Wi-Fi everywhere, though.

'We are trying to create a movement where people are willing to share their network for the common good,' says Adi Kamdar, an activist with the Electronic Frontier Foundation. 'It's a neighborly thing to do.'

If my neighbors want an internet connection, they can buy their own, dammit.

In a world where you can be sued for downloading files based on an IP address, or where you can be investigated for things like child pornography... there's no way in hell I'd be willing to open my network for everybody to use

I agree with the other response - that guy was outsourcing his parenting problems on to you. Does he expect the librarians to limit what books his kids can borrow from the public library too?

On the other hand, he could have made life difficult for you being a neighbor and all. I would have suggested a compromise - block his kid's MAC address. If the kid figures out that he is being blocked by MAC address and is smart enough to change it, then (A) good for him and (b) it is now up to the parent to do some

I have had my AP open for almost a year in the middle of New York, and there are usually 10-20 mobile and other users connected. And even though I have assigned the highest priority to my own computer, sometimes network slows down considerably. It might be the "wonderful" TimeWarner messing up as usual, but it could also be some torrent usage which I would rather keep off. Sadly, specifically my revision of the linksys router does not run dd-wrt or any other open stacks, so I have no way to do any custom ma

I'm not entirely certain why the article lists "siphoning precious bandwidth" as the reason most people would lock down their Wi-Fi. It seems highly unlikely that that would come into play at all, most of the time, much less be the main reason.

No, there are three reasons why I don't have an open AP:

1. Legal liability for a guest's action is spotty. Technically speaking, I know that I am not liable if a guest performs an illegal act using my AP. What's the likelihood that a police officer or prosecutor would give me the benefit of the doubt while investigating the crime, though? The most likely course of action is that I spend some time in jail or under arrest until my innocence is proven.

2. My ISP TOS expressly forbids sharing the service. As long as they aren't doing deep packet sniffing (and they might be), it's possible I could set up the open AP such that everything is NAT'ed through a known server. The risk of doing so is getting my service cut off, though.

3. Allowing a rogue agent in my network drastically reduces the security of the network. I could create a locked down subnetwork just for the open AP, but that would be a notable amount of work.

So I have risks that involve jail time; termination of service; and/or loss of my personal data. What are the rewards? I feel good about helping my fellow man?

It's pretty easy for me to add an alias AP to my router. I've done it before. I can turn on CBQ and even have some fairness, letting people use my WiFi at full speed as long as nobody on the password protected port needs bandwidth. Takes 5-10 minutes to configure it all.

Now here is why I have not done that, I don't want a SWAT team kicking down my door if someone uses my WiFi to hack, pirate or download child porn. The overly aggressive police force in the US makes me not want to do a neighborly thing. It a

- Ubiquitous 3G, available to all, even those on prepaid plans, makes this completely unnecessary.
- Traffic caps
- Shared bandwidth = less bandwidth for subscriber
- Freeloaders = less people actually paying for infrastructure = more expensive for those paying
- Security issues as partitioning off home network requires a certain amount of expertise
- Liability issues

This proposal may have made sense in 1993, when a high bandwidth connection t

Because I'm paying a substantial amount of money for a 4096/256 connection. That's kilobit, not kilobytes per second.

Download, yeah, I could live with you leeching some of it, but any and all upload kills the download. Are you part of a botnet? If you start sending shit up, we'll both get choked on download speed; not only because of the upload, but also because of the number of connections. About 50 and my router starts crapping out.

What's that? Buy a better router that handles more connections and can seg

In order to do this without exposing your LAN to security issues, and not create liability issues because of the action of guests, it would require more setup than most end-users are capable of.

The WiFi interface would have to be kept separate (not bridged to the LAN), and the WiFi interface would have to be VPN'd to a (legally) safe termination. If companies want users to be able to use open WiFi, they need to step up to make this a default configuration on routers. Sure, those that use openwrt or dd-wrt can configure this, but there's a vanishingly small percentage of users with that skill set.

A few years ago, when I was changing ISP, I remember reading terms and conditions (for most, if not all the ISPs I looked at) that banned the sharing of your internet connection with third parties. I'm not sure what the terminology was exactly, but they were obviously trying to stop this kind of thing from happening (on paper at least).

TFA makes the point that, at least in theory, you can bandwidth-limit your router so that the amount of flow your neighbors generate is negligible. Someone who's driving through your neighborhood and is lost can pull over and look at a map on their handheld device, but the guy in the house next door won't be watching netflix all night on your connection and bogging you down. Another thing to realize is that if you have cable modem service, you're sharing bandwidth with your neighbors anyway.

My wireless network used to be open so others could use it. I had to put a stop to it last Christmas day, seems like a lot of people in the neighborhood must have gotten laptops, tablets and smartphones that day. Wifi freeloaders simply aren't considerate enough about bandwidth usage, so I had to shut them off.

I still wouldn't be able to participate in something like this because of the data caps my monopolistic cable provider has. It's one thing for me to pay for my own monthly usage, but having my limit sucked dry in a few days and either paying a great deal for the overages or having my service cut off goes beyond my willingness to help out.

AT&T currently caps my wired land-line DSL connection, and charges outrageous overage fees if I go over their arbitrary limits. (And as past/. posting have indicated, their measurements are highly in dispute and they will not even say how they come up with your supposed usage.) The little old lady next door has already received shocking bills because she used to watch NetFlix on her AT&T DSL connection. So exactly how do I open my already expensive Internet connection without getting

I've been running a little Linksys thingy for years with open access and set to 1 Mbps WiFi, which amounts to about 300 kbps in practise. It is enough for people to check their email and so on and doesn't bother me on my 5 Mbps connection.

With 3G cellular common, and with 4G cellular being sold at a tremendous rate, I'm frequently seeing people with more cellular bandwidth than land line bandwidth. Most people don't need their neighbors to open their WiFi to get high speed Internet.

You want me to do something that may get me in legal trouble--which I may or may not be able to get out of, but will cause me no end of trouble even if I do--can possibly cause my internet connection to collapse under ballooning bandwidth demand unless I do extensive and technical reconfiguration of my network setup, and is in complete violation of my Terms of Service with my Internet provider, so other people don't have to pay their Internet bills?

I was doing just this very thing for about 3 years. I even thought I was protecting myself somewhat because I put a splash page on the WiFi using nocatsplash with DD-WRT to display a page that says "Hey, I'm doing this to be nice. Don't do anything illegal, please." I thought at the worst I'd get a DMCA notice if someone downloaded a movie or something, but it was much worse.

The FBI and ICE (Immigration & Customs Enforcement) knocked down my door, pointed guns at us, confiscated all of my computers, interrogated my fiance and I for a few hours, they told my fiance that I was a pedophile and it nearly cost us our relationship. Seriously - when the FBI tells your fiance that you're a pedophile, it's hard to convince her otherwise. Some jack ass had apparently downloaded child porn using eDonkey/eMule over my wifi network. The FBI ended up returning most of my computers, but not all of them (I probably could have got them back, but I would of had to go to court to do it, and the computers were only worth about a grand). It also took almost a year to get that far. They also eventually told my fiance that I wasn't a pedophile.

It was a rough fucking year.

Don't do it. Keep your wifi locked down with as much encryption as you can. It's not worth it while judges are issuing search warrants based upon nothing more than an IP address.

Rather than have all these individual routers competing for air space with each other, it would be even better if they cooperated with each other to route packets and let clients roam from one to another.

Just like we graduated from lots of individual BBS's to the Internet, we need to make similar progress at the "consumer" end.

Actually, I think I HAVE seen such devices. They present two SSIDs to the world, one of which is a guest setup that prevents LAN access and restricts bandwidth, the other behaves more traditionally with WPA2 or what-have-you.

The only problem is that I can't for the life of me remember who made it, or what model it was, or if it was actually the behavior of one of the open-source firmwares out there.